Where does all this spam come from? Is it all proxied? Are some IP ranges the wild west? Are there many botnets being used? These are some questions worth asking.

The chart shows “ranges” where multiple spamming or other abuse has been logged. Thousands of data points have been compressed to about 550 IP ranges susceptible to hosting spammers.

Some of the ranges are particular hosting services; otherwise they are random IPs from bots, a rogue spammer exploiting a school, or someone using their own or someone else’s phone or PC.

Also, note that the USA might have the most, but it also has far more connections, so proportionally you’d expect it to be high. The same applies to the China figures, which may be small proportionally for such a large population.
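As an added illustration of how a chart like the one above can be built (example code written for this page, not the author’s own tooling), the following Python collapses a small constructed abuse log, using documentation-range addresses, into /24 and /48 ranges and separates ranges with several distinct offending hosts from a single noisy machine:

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample abuse log of source IPs (RFC 5737 / RFC 3849
# documentation ranges, not real offenders). One malformed line is included
# on purpose to show that a bad entry is skipped rather than aborting the run.
ABUSE_LOG = [
    "203.0.113.5", "203.0.113.77", "203.0.113.200", "203.0.113.201",
    "198.51.100.14", "198.51.100.14", "198.51.100.14",
    "192.0.2.9",
    "2001:db8:1::a", "2001:db8:1::b",
    "not-an-ip",
]


def aggregate_ranges(log, v4_prefix=24, v6_prefix=48):
    """Map each logged source IP to its enclosing CIDR range and record both
    the number of events and the set of distinct sources seen in that range."""
    stats = defaultdict(lambda: {"events": 0, "sources": set()})
    for raw in log:
        try:
            addr = ip_address(raw.strip())
        except ValueError:
            continue  # malformed line: skip it, keep processing the rest
        prefix = v4_prefix if addr.version == 4 else v6_prefix
        net = ip_network(f"{addr}/{prefix}", strict=False)
        stats[net]["events"] += 1
        stats[net]["sources"].add(addr)
    return stats


def rank_ranges(stats, min_sources=2):
    """Return (range, events, distinct_sources) for ranges with at least
    `min_sources` distinct offending hosts, most active first. Many events
    from one host point to a single infected machine, not to a range that
    is hosting several spammers, so such ranges are filtered out here."""
    rows = [
        (net, s["events"], len(s["sources"]))
        for net, s in stats.items()
        if len(s["sources"]) >= min_sources
    ]
    rows.sort(key=lambda r: (-r[2], -r[1], str(r[0])))
    return rows


if __name__ == "__main__":
    for net, events, sources in rank_ranges(aggregate_ranges(ABUSE_LOG)):
        print(f"{str(net):<20} events={events:<3} distinct_sources={sources}")
```

With real logs the prefix lengths would be chosen to match the allocation sizes the chart discusses, and the same per-range counts can be divided by the number of addresses a country or provider holds to get the proportional view the text mentions.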

Over the past few years, spammers have sought out large ranges of IP addresses.

By spreading out their sending patterns across a wide range of IP addresses, they can attempt to defeat spam filters and get spam and malware emails delivered where they are not wanted.

However, IPv4 addresses are getting scarce and hard to come by. In fact, as of September 2015, the Internet Registry ARIN (American Registry for Internet Numbers) allocated the final block of IPv4 addresses from its free pool.

Because spammers can’t easily obtain new IP addresses through legitimate means, they frequently resort to stealing IP address blocks that are dormant and aren’t being utilized by the rightful owners.

There is a thriving black market in IP addresses; spammers don’t care whether the source of their IP addresses is legitimate or even legal. A cybercriminal who can steal a large IP address block (for example, a /16, or 65,536 IP addresses) can generate thousands of dollars per month.

For cybercriminals to make use of their stolen blocks, however, a crucial step is to find an Internet Service Provider (ISP) or network with the ability to route these IP addresses to the rest of the Internet using an autonomous system number (ASN).

Also crucial is finding an ISP who won’t look too closely at the highly suspicious routing request. To get the routes to their stolen IP addresses announced, criminals will present forged authorization documents (which constitutes felony wire fraud under U.S. law).

In 2014, law enforcement agencies revealed that they had disrupted a Russian botnet that targeted personal bank accounts and stole $100 million.

Ben-Gurion University of the Negev cyber security researchers have discovered and traced approximately six botnets by analyzing data collected from past cyber attacks. The research was conducted at Deutsche Telekom Innovation Laboratories@BGU and was announced at Cybertech 2016 in Tel Aviv today.

Botnets are networks of malicious, remotely updatable code that covertly lurk on infected computers. Using botnets, which until now were largely untraceable, hackers and cyber criminals can carry out powerful attacks, spread viruses, generate spam, and commit other types of online crime.